Email certificates, also known as SMIME certificates, are digital certificates that can be used to sign and encrypt email messages. When you sign an email using an email certificate, only the person that you sent it to can decrypt and read the email. The recipient can also be sure that the email hasn’t been changed in any way

If you don’t use an email certificate, your emails can be read by anyone, or any server, that is used to pass the emails to the recipient. This can be a lot people. This would be like sending a postcard through the mail so that all of the postal workers and anyone who really wants to can read it. With an email certificate, you are 100% guaranteed to have secure email while it is being transmitted.

Some email servers use a different kind of certificate called a server authentication SSL certificate. This secures all email transmissions from the server to your local computer, but once you send an email to another email account on another email server, it leaves the safe haven and travels to the unprotected lines of the Internet where anyone can read it. An SMIME certificate ensures end-to-end security.

Disadvantage with Email certificates

Not all email clients support SMIME certificates so users may be confused by the smime.p7s attachment on emails.

Email certificates aren’t normally considered practical for webmail clients because the private key would need to be kept on the server, preventing end-to-end encryption.

Malware can be sent to in an encrypted email without being stopped by a company gateway.

The private key of the SMIME certificate could be lost and the messages would not be readable.